lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 11 Sep 2017 12:20:32 +0800
From:   Dison River <pwn2river@...il.com>
To:     davem@...emloft.net, edumazet@...gle.com, daniel@...earbox.net,
        alexander.h.duyck@...el.com, dsa@...ulusnetworks.com,
        Jakub Kicinski <jakub.kicinski@...ronome.com>, me@...in.cc,
        stephen@...workplumber.org, netdev@...r.kernel.org,
        linux-kernel@...r.kernel.org, security@...nel.org
Cc:     syzkaller@...glegroups.com
Subject: WARNING in skb_warn_bad_offload

Hi,

I found a warning while fuzzing with Syzkaller on linux 4.13-rc6 on
x86_64. The full stack trace is below:

------------[ cut here ]------------
WARNING: CPU: 3 PID: 32413 at net/core/dev.c:2592
skb_warn_bad_offload+0x2a9/0x380 net/core/dev.c:2587
Kernel panic - not syncing: panic_on_warn set ...

CPU: 3 PID: 32413 Comm: syz-executor3 Not tainted 4.13.0-rc6+ #1
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:16 [inline]
 dump_stack+0x95/0xeb lib/dump_stack.c:52
 panic+0x1ae/0x387 kernel/panic.c:180
 __warn+0x1c4/0x1d9 kernel/panic.c:541
 report_bug+0x213/0x2d0 lib/bug.c:183
 fixup_bug+0x3f/0x90 arch/x86/kernel/traps.c:190
 do_trap_no_signal arch/x86/kernel/traps.c:224 [inline]
 do_trap+0x13a/0x3e0 arch/x86/kernel/traps.c:273
 do_error_trap+0x11e/0x1f0 arch/x86/kernel/traps.c:310
 do_invalid_op+0x1b/0x20 arch/x86/kernel/traps.c:323
 invalid_op+0x18/0x20 arch/x86/entry/entry_64.S:846
RIP: 0010:skb_warn_bad_offload+0x2a9/0x380 net/core/dev.c:2587
RSP: 0018:ffff88006996f460 EFLAGS: 00010286
RAX: 000000000000006d RBX: ffff88006b1813e8 RCX: 0000000000000000
RDX: 000000000000006d RSI: ffffffff8122d81e RDI: ffffed000d32de80
RBP: ffff88006996f4b8 R08: ffffffff83ad0fd8 R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000000 R12: ffff88003d5bc5a0
R13: 0000000000000000 R14: ffff88003d5bc5a0 R15: 0000000000000bd0
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5
sclass=netlink_audit_socket pig=32438 comm=syz-executor0
 __skb_gso_segment+0x5a3/0x6d0 net/core/dev.c:2799
 skb_gso_segment include/linux/netdevice.h:3957 [inline]
 validate_xmit_skb+0x42d/0xa20 net/core/dev.c:3049
SELinux: unrecognized netlink message: protocol=9 nlmsg_type=5
sclass=netlink_audit_socket pig=32441 comm=syz-executor0
 __dev_queue_xmit+0xc9f/0x18b0 net/core/dev.c:3472
 dev_queue_xmit+0x17/0x20 net/core/dev.c:3513
 neigh_hh_output include/net/neighbour.h:471 [inline]
 neigh_output include/net/neighbour.h:479 [inline]
 ip6_finish_output2+0x119b/0x1dd0 net/ipv6/ip6_output.c:120
 ip6_finish_output+0x3a0/0x770 net/ipv6/ip6_output.c:146
 NF_HOOK_COND include/linux/netfilter.h:237 [inline]
 ip6_output+0x211/0x6e0 net/ipv6/ip6_output.c:163
 dst_output include/net/dst.h:471 [inline]
 ip6_local_out+0x95/0x160 net/ipv6/output_core.c:178
 ip6_send_skb+0xa1/0x330 net/ipv6/ip6_output.c:1735
 udp_v6_send_skb+0x30a/0xe90 net/ipv6/udp.c:1059
 udpv6_sendmsg+0x1b4f/0x2540 net/ipv6/udp.c:1331
 inet_sendmsg+0x123/0x500 net/ipv4/af_inet.c:762
 sock_sendmsg_nosec net/socket.c:633 [inline]
 sock_sendmsg+0xca/0x110 net/socket.c:643
 SYSC_sendto+0x20d/0x340 net/socket.c:1736
 SyS_sendto+0x40/0x50 net/socket.c:1704
 entry_SYSCALL_64_fastpath+0x18/0xad
RIP: 0033:0x452309
RSP: 002b:00007fe2d89a0c08 EFLAGS: 00000216 ORIG_RAX: 000000000000002c
RAX: ffffffffffffffda RBX: 0000000000718150 RCX: 0000000000452309
RDX: 0000000000000bd7 RSI: 00000000205d2000 RDI: 0000000000000015
RBP: 0000000000000046 R08: 0000000020226fe4 R09: 000000000000001c
R10: 0000000000000000 R11: 0000000000000216 R12: 00000000004bf2e0
R13: 00000000ffffffff R14: ffffffffffffffff R15: 00000000c08c5335
Dumping ftrace buffer:
   (ftrace buffer empty)
Kernel Offset: disabled
Rebooting in 86400 seconds..

Download attachment "repro.prog" of type "application/octet-stream" (6911 bytes)

Download attachment ".config" of type "application/octet-stream" (114709 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ